EP3839734A1 - Integration of orchestration services with cloud automation services (original title: Intégration de services d'orchestration à des services d'automatisation cloud)

Info

Publication number
EP3839734A1 (application EP19217193.2A)
Authority
EP
European Patent Office
Prior art keywords
workflow
security group
rule
vro
snow
Prior art date
Legal status (as listed by Google Patents; not a legal conclusion)
Pending
Application number
EP19217193.2A
Other languages
German (de)
English (en)
Inventor
Konrad CLAPA
Olena ZHUK
Current Assignee (as listed by Google Patents; may be inaccurate)
Agarik SAS
Original Assignee
Atos Uk It Ltd
Priority date (as listed by Google Patents; not a legal conclusion)
2019-12-17
Filing date
2019-12-17
Publication date
2021-06-23
Application filed by Atos Uk It Ltd on 2019-12-17
Priority to EP19217193.2A
Priority to US17/123,894 (published as US11902329B2)
Publication of EP3839734A1 on 2021-06-23
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F 9/5061 Partitioning or combining of resources
    • G06F 9/5072 Grid computing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/029 Firewall traversal, e.g. tunnelling or, creating pinholes
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/104 Grouping of entities

Definitions

  • The invention relates to the field of cloud service management and provisioning.
  • Cloud service providers offering hybrid and/or multi-cloud services to major corporations face the challenge of orchestrating a vast number of legacy infrastructures belonging to multiple customers, alongside multi-cloud environments (private/public, across brands such as GCP, AWS, Azure, VMware and OracleVM).
  • Virtualization of computing infrastructures is the fundamental process that powers cloud computing: it is what lets a cloud platform deliver services to customers who request them through a portal.
  • If the features of the virtualization software are not well integrated with the service management unit of the cloud platform, customers may be unable to access certain functionalities of the platform, which can degrade the quality of service the platform provides.
  • CMP: Cloud Service orchestration/processing module
  • CMP: Cloud Automation Service
  • vSphere: a virtualization software
  • The very basic integration does not allow vSphere virtual machines (VMs) to be managed through the cloud management portal.
  • The present invention therefore aims to obviate certain drawbacks of the prior art by proposing a computing infrastructure for providing cloud services to customers.
  • CMPP: cloud management platform portal
  • A system for managing security on a cloud management platform portal comprises a set of routines (scripts), executed on a computing device or processor, that allow the cloud management platform portal to contact a cloud automation service (CAS) through a REST API (Representational State Transfer Application Programming Interface), in order to access and configure a set of functionalities of the CAS of the platform hosting services in a portal and so provision services to a customer, together with a ServiceNow (SNOW) application comprising at least one of the sets of routines below, which comprise at least one of the following:
  • The system comprises a set of routines, the execution of which on a processor provides the CMPP with a set of functionalities and applications comprising at least:
  • The set of functionalities and applications also comprises:
  • Another object of the invention is a method for providing cloud services to customers.
  • This object is achieved by a process for managing a security group on a cloud management platform portal by means of a system for managing security as described in the invention, the system comprising a set of software codes executed on a processor of the platform to implement the process, said process being characterized in that it comprises at least one of the following:
  • a set of software codes is executed on the platform for creating a security group (SG), said creation of a security group process comprising:
  • a set of software codes is executed on the platform for modifying an existing security group, said modification of an existing security group process comprising the following steps:
  • a set of software codes is executed on the platform for deleting a security group, said deletion of a security group process comprising the following steps:
  • a set of software codes is executed on the platform for configuring a SDN security group rule, said configuration of a SDN security group rule process comprising at least one of the sub-steps:
  • a set of software codes is executed on the platform for creating a SDN security group rule, said creation of a SDN security group rule process, comprising:
  • a set of software codes is executed on the platform for modifying a SDN security group rule, said modification of a SDN security group rule process comprising the following steps:
  • a set of software codes is executed on the platform for deleting a SDN security group rule, said deletion of a SDN security group rule process comprising the following steps:
  • The system for managing security is used in a server for managed PaaS (Platform as a Service) comprising, in a container-based architecture, at least a processor and memories to store data and executable software, so as to embed cloud application software into a fully managed PaaS stack that abstracts the complex hybrid Infrastructure as a Service (IaaS) away, said server being characterized in that the SNOW application of the system for managing security represents a first layer of said server, is executed on at least one processor, and is configured to:
  • The SNOW application is executed on the server for managed PaaS and displayed on a console adapted to the integrated cloud application software, by integrating a specific API configured to translate the SNOW (ServiceNow) application's language and commands into the language and commands of the integrated cloud application software.
  • The system for managing security is used in an orchestrated hybrid cloud system wherein SAP (Systems, Applications and Products for data processing) administration is supported by said security management system for security audit, backup monitoring and provisioning purposes, by:
  • SAP: Systems, Applications and Products for data processing
  • Execution of the SNOW application on a processor of a computing device of the orchestrated hybrid cloud provides an interface enabling a user to set any of the following parameters:
  • The present invention concerns a system for managing security on a cloud management platform portal (CMPP (1)).
  • CMPP (1): cloud management platform portal
  • The system comprises a set of routines (scripts), executed on a computing device or processor, that allow the cloud management platform portal to contact a cloud automation service (CAS (4)) through a REST API (3) (Representational State Transfer Application Programming Interface), in order to access and configure a set of functionalities of the CAS (4) of the platform hosting services in a portal and so provision services to a customer, together with a ServiceNow (2) (SNOW (2)) application comprising at least one of the sets of routines below, which comprise at least one of the following:
  • The ServiceNow (2) application may also comprise at least one of the sets of routines below, which comprise at least one of the following:
  • A security group is a container for security group rules. Security groups and their rules let administrators/managers specify the type of traffic that is allowed to pass through a port.
  • VM: virtual machine
  • VN: virtual network
  • SDN (software-defined networking) is an approach to networking that separates the control plane from the forwarding plane in order to support virtualization of computing infrastructures or systems.
  • The ServiceNow (2) (SNOW) application is a cloud service processing/orchestration module, program or code.
  • The system for managing security on a cloud management platform portal comprises a set of routines, the execution of which on a processor provides the CMPP (1) with a set of functionalities and applications comprising at least:
  • A Disaster Recovery Pod is additional infrastructure that may be used to host workloads after a disaster occurs at the primary site.
  • The set of applications provided to the CMPP (1) by executing the routines of the system for managing security on a cloud management platform portal may comprise a vRA (vRealize Automation) application for automating cloud services.
  • vRA: vRealize Automation
  • The set of functionalities and applications provided to the CMPP (1) by the system for managing security on a cloud management platform portal, through the execution of a set of routines on a processor, may also comprise:
  • A distributed firewall is a hypervisor kernel-embedded firewall that provides visibility and control for virtualized workloads and networks.
  • The NSX (7) distributed firewall is a stateful firewall: it tracks the state of active connections and uses that information to decide which network packets to allow through.
  • A flow is identified by the following:
  • The distributed firewall can also enforce identity-based rules: administrators can control access based on a user's group membership as defined in the enterprise Active Directory. For example, and without limitation, some scenarios where identity-based firewall rules can be used are:
  • The Edge Firewall monitors north-south traffic to provide perimeter security functions, including firewalling, Network Address Translation (NAT), site-to-site IPsec VPN and SSL VPN. It is available as a virtual machine and can be deployed in high-availability mode.
  • NAT: Network Address Translation
  • SSL VPN: Secure Sockets Layer virtual private network
  • The invention also concerns a method for managing a security group on a cloud management platform portal.
  • The process for managing a security group on a cloud management platform portal comprises a set of software codes executed on a processor of the platform to implement the process, said process being characterized in that it comprises at least one of the following:
  • a set of software codes is executed on the platform for creating a security group (SG), said process comprising, as illustrated in Figure 2:
  • a set of software codes is executed on the platform for modifying an existing security group, said process comprising, as illustrated in Figure 3:
  • a set of software codes is executed on the platform for deleting a security group, said process comprising, as illustrated in Figure 4:
  • a set of software codes is executed on the platform for adding a server to a security group (not illustrated), said process comprising:
  • a set of software codes is executed on the platform for removing a virtual server from a security group (not illustrated), said process comprising the following steps:
  • a set of software codes is executed on the platform for configuring a SDN security group rule, said process comprising at least one of the sub-steps:
  • a set of software codes is executed on the platform for creating a SDN security group rule, said process comprising, as illustrated in Figure 5:
  • a set of software codes is executed on the platform for modifying a SDN security group rule, said process comprising, as illustrated in Figure 6:
  • a set of software codes is executed on the platform for deleting a SDN security group rule, said process comprising, as illustrated in Figure 7:
  • The system for managing security may be used in a server for managed PaaS (Platform as a Service) comprising, in a container-based architecture, at least a processor and memories to store data and executable software, so as to embed cloud application software into a fully managed PaaS stack that abstracts the complex hybrid Infrastructure as a Service (IaaS) away.
  • The SNOW application of the system for managing security may represent a first layer of said server for managed PaaS, executed on at least one processor and configured to:
  • The SNOW application is executed on the server for managed PaaS and displayed on a console adapted to the integrated cloud application software (Apprenda), by integrating a specific API configured to translate the SNOW (ServiceNow (2)) application's language and commands into the language and commands of the integrated cloud application software (Apprenda).
  • The system for managing security may be used in an orchestrated hybrid cloud system wherein SAP (Systems, Applications and Products for data processing) administration is supported by said security management system for security audit, backup monitoring and provisioning purposes, by:
  • Execution of the SNOW application of the system for managing security, on a processor of a computing device of the orchestrated hybrid cloud system, provides an interface enabling a user to set any of the following parameters:
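The security-group model the definitions describe (a security group as a container of rules; create, modify and delete of groups and SDN rules; adding and removing servers; a stateful distributed firewall that tracks connections; identity-based rules keyed on Active Directory group membership), worked through as an added example. This is illustrative code written for this page; it is not the patent's routines and not the NSX, vRealize Automation or ServiceNow API. The in-memory SecurityManager and DistributedFirewall classes, the rule fields, and the addresses, VM names and the "NetOps" group in demo() are all constructed assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# A flow is one direction of a connection, identified by its 5-tuple.
Flow = namedtuple("Flow", "src_ip dst_ip proto src_port dst_port")
# A rule: direction "in" (to a member VM) or "out" (from one); proto "tcp"/"udp"/"icmp"/"any";
# remote_cidr is the peer range; ad_groups is an identity-based match (empty = any user).
Rule = namedtuple("Rule", "rule_id direction proto port_min port_max remote_cidr action ad_groups",
                  defaults=("allow", frozenset()))
# A security group is a container for rules, plus the VMs (name -> ip) it protects.
SecurityGroup = namedtuple("SecurityGroup", "name rules members")


def reverse(flow):
    return Flow(flow.dst_ip, flow.src_ip, flow.proto, flow.dst_port, flow.src_port)


def validate(rule):
    """Reject a rule before it reaches the enforcement point."""
    if rule.direction not in ("in", "out") or rule.action not in ("allow", "deny"):
        raise ValueError(f"{rule.rule_id}: bad direction or action")
    if rule.proto not in ("tcp", "udp", "icmp", "any"):
        raise ValueError(f"{rule.rule_id}: bad protocol")
    if not 0 <= rule.port_min <= rule.port_max <= 65535:
        raise ValueError(f"{rule.rule_id}: bad port range")
    ip_network(rule.remote_cidr)            # raises ValueError on a malformed CIDR


class SecurityManager:
    """Hypothetical management routines: group and rule create/modify/delete, member add/remove."""
    def __init__(self):
        self.groups = {}
    def create_group(self, name):
        if name in self.groups:
            raise ValueError(f"group {name} already exists")
        self.groups[name] = SecurityGroup(name, {}, {})
    def delete_group(self, name):
        if self.groups[name].members:   # deleting now would silently strip their policy
            raise ValueError(f"group {name} still has members")
        del self.groups[name]
    def add_server(self, group, vm, ip):
        ip_address(ip)                  # reject malformed addresses
        self.groups[group].members[vm] = ip
    def remove_server(self, group, vm):
        del self.groups[group].members[vm]
    def create_rule(self, group, rule):
        validate(rule)
        if rule.rule_id in self.groups[group].rules:
            raise ValueError(f"rule {rule.rule_id} already exists")
        self.groups[group].rules[rule.rule_id] = rule
    def modify_rule(self, group, rule_id, **changes):
        new = self.groups[group].rules[rule_id]._replace(**changes)
        validate(new)                   # an edit must pass the same checks as a creation
        self.groups[group].rules[rule_id] = new
        return new
    def delete_rule(self, group, rule_id):
        del self.groups[group].rules[rule_id]


class DistributedFirewall:
    """Stateful per-VM enforcement: a new flow needs an 'out' allow from the source VM's
    groups and an 'in' allow from the destination VM's groups; a reply to an accepted flow
    passes on connection state alone; anything unmatched is dropped (default deny)."""
    def __init__(self, mgr):
        self.mgr, self.conntrack = mgr, set()
    def _side_allows(self, direction, local_ip, remote_ip, flow, user_groups):
        groups = [g for g in self.mgr.groups.values() if local_ip in g.members.values()]
        if not groups:
            return True                 # unprotected peer, e.g. an external client
        for g in groups:
            for r in g.rules.values():  # first matching rule wins
                if (r.direction == direction and r.proto in ("any", flow.proto)
                        and r.port_min <= flow.dst_port <= r.port_max
                        and ip_address(remote_ip) in ip_network(r.remote_cidr)
                        and (not r.ad_groups or r.ad_groups & user_groups)):
                    return r.action == "allow"
        return False
    def decide(self, flow, user_groups=frozenset()):
        if reverse(flow) in self.conntrack:   # reply of an accepted connection
            return True
        ok = (self._side_allows("out", flow.src_ip, flow.dst_ip, flow, user_groups)
              and self._side_allows("in", flow.dst_ip, flow.src_ip, flow, user_groups))
        if ok:
            self.conntrack.add(flow)
        return ok


def demo():
    """Constructed scenario; addresses, VM names and the NetOps group are made up."""
    mgr = SecurityManager()
    mgr.create_group("sg-web")
    mgr.add_server("sg-web", "web01", "10.0.1.10")
    mgr.create_rule("sg-web", Rule("r-https", "in", "tcp", 443, 443, "0.0.0.0/0"))
    mgr.create_rule("sg-web", Rule("r-ssh", "in", "tcp", 22, 22, "10.0.9.0/24",
                                   ad_groups=frozenset({"NetOps"})))
    mgr.create_rule("sg-web", Rule("r-out", "out", "tcp", 443, 443, "0.0.0.0/0"))
    fw = DistributedFirewall(mgr)
    client = Flow("203.0.113.7", "10.0.1.10", "tcp", 51000, 443)
    res = {
        "https_in": fw.decide(client),
        "https_reply": fw.decide(reverse(client)),   # passes on state, not on a rule
        "unsolicited_out": fw.decide(Flow("10.0.1.10", "203.0.113.7", "tcp", 443, 51999)),
        "ssh_no_identity": fw.decide(Flow("10.0.9.4", "10.0.1.10", "tcp", 51001, 22)),
        "ssh_netops": fw.decide(Flow("10.0.9.4", "10.0.1.10", "tcp", 51002, 22), frozenset({"NetOps"})),
        "ssh_wrong_subnet": fw.decide(Flow("10.0.8.4", "10.0.1.10", "tcp", 51003, 22), frozenset({"NetOps"})),
    }
    mgr.modify_rule("sg-web", "r-https", remote_cidr="198.51.100.0/24")
    res["https_after_modify"] = fw.decide(Flow("203.0.113.7", "10.0.1.10", "tcp", 51004, 443))
    mgr.delete_rule("sg-web", "r-https")
    res["rules_left"] = sorted(mgr.groups["sg-web"].rules)
    return res
```

demo() returns a dictionary of decisions: the HTTPS reply from web01 is admitted only because the inbound connection was recorded in the connection table (the group's only outbound rule is for port 443, so a stateless match would have dropped it), an unsolicited packet from web01 on another port is dropped, and SSH from the admin subnet passes only for a user in the NetOps group. delete_group() refuses to remove a group that still has members, since detaching policy silently would leave those VMs unprotected, and modify_rule() re-runs the same validation as create_rule() so an edit cannot smuggle in a malformed CIDR or port range.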

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Priority Applications (2)

Application Number | Publication | Priority Date | Filing Date | Title
EP19217193.2A | EP3839734A1 (fr) | 2019-12-17 | 2019-12-17 | Integration of orchestration services with cloud automation services
US17/123,894 | US11902329B2 (en) | 2019-12-17 | 2020-12-16 | Integration of an orchestration services with a cloud automation services

Applications Claiming Priority (1)

Application Number | Publication | Priority Date | Filing Date | Title
EP19217193.2A | EP3839734A1 (fr) | 2019-12-17 | 2019-12-17 | Integration of orchestration services with cloud automation services

Publications (1)

Publication Number | Publication Date
EP3839734A1 (fr) | 2021-06-23

Family

ID=68944336

Family Applications (1)

Application Number | Publication | Status | Priority Date | Filing Date | Title
EP19217193.2A | EP3839734A1 (fr) | Pending | 2019-12-17 | 2019-12-17 | Integration of orchestration services with cloud automation services

Country Status (2)

Country Link
US (1) US11902329B2 (fr)
EP (1) EP3839734A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US11442669B1 (en) | 2018-03-15 | 2022-09-13 | Pure Storage, Inc. | Orchestrating a virtual storage system
WO2023050070A1 (fr) * | 2021-09-28 | 2023-04-06 | 中远海运科技股份有限公司 | Method and device for full-traffic network access protection of a cloud host
US20230222044A1 (en) * | 2022-01-07 | 2023-07-13 | Jpmorgan Chase Bank, N.A. | System and method for automatically monitoring performance of software robots

Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
WO2012021324A2 (fr) * | 2010-08-12 | 2012-02-16 | Unisys Corporation | Moving enterprise software applications to a cloud computing domain
US20160065417A1 (en) * | 2013-03-15 | 2016-03-03 | Gravitant, Inc | Fulfillment of cloud service orders
FR3075528A1 (fr) * | 2017-12-19 | 2019-06-21 | Atos Uk International It Services Limited | Orchestrated hybrid cloud system for SAP
WO2019121677A1 (fr) * | 2017-12-19 | 2019-06-27 | Atos Information Technology GmbH | Managed public cloud
WO2019121679A1 (fr) * | 2017-12-21 | 2019-06-27 | Atos International B.V. | Cloud management platform

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US9069599B2 (en) * | 2008-06-19 | 2015-06-30 | Servicemesh, Inc. | System and method for a cloud computing abstraction layer with security zone facilities
US8914406B1 (en) * | 2012-02-01 | 2014-12-16 | Vorstack, Inc. | Scalable network security with fast response protocol
CN107409126B (zh) * | 2015-02-24 | 2021-03-09 | 思科技术公司 | System and method for securing an enterprise computing environment
US10171507B2 (en) * | 2016-05-19 | 2019-01-01 | Cisco Technology, Inc. | Microsegmentation in heterogeneous software defined networking environments
US10645087B2 (en) * | 2017-06-06 | 2020-05-05 | Amgen Inc. | Centralized authenticating abstraction layer with adaptive assembly line pathways
US10666508B2 (en) * | 2017-06-09 | 2020-05-26 | Nicira, Inc. | Unified software defined networking configuration management over multiple hosting environments
US11169815B2 (en) * | 2018-01-16 | 2021-11-09 | Bby Solutions, Inc. | Method and system for automation tool set for server maintenance actions
US20190356697A1 (en) * | 2018-05-15 | 2019-11-21 | Nicira, Inc. | Methods and apparatus to assign security in networked computing environments
US10999326B1 (en) * | 2018-05-30 | 2021-05-04 | Tigera, Inc. | Fine grained network security
US10708230B2 (en) * | 2018-06-14 | 2020-07-07 | Servicenow, Inc. | Systems and methods for firewall configuration using block lists
US11108859B2 (en) * | 2018-07-02 | 2021-08-31 | Accenture Global Solutions Limited | Intelligent backup and recovery of cloud computing environment
US10826770B2 (en) * | 2018-07-26 | 2020-11-03 | Cisco Technology, Inc. | Synthesis of models for networks using automated boolean learning
US11537627B1 (en) * | 2018-09-28 | 2022-12-27 | Splunk Inc. | Information technology networked cloud service monitoring
US11315044B2 (en) * | 2018-11-08 | 2022-04-26 | Vmware, Inc. | Multi dimensional scale analysis using machine learning
US10924344B2 (en) * | 2019-04-11 | 2021-02-16 | Servicenow, Inc. | Discovery and mapping of cloud-based resource modifications
US10798084B1 (en) * | 2019-04-30 | 2020-10-06 | Sailpoint Technologies, Inc. | System and method for identity management of cloud based computing services in identity management artificial intelligence systems
US20210021471A1 (en) * | 2019-07-15 | 2021-01-21 | Microsoft Technology Licensing, Llc | Techniques for managing virtual networks

Also Published As

Publication number Publication date
US11902329B2 (en) 2024-02-13
US20210185007A1 (en) 2021-06-17

Similar Documents

Publication | Title
US10318265B1 (en) | Template generation for deployable units
US11409719B2 (en) | Co-locating microservice persistence containers within tenant-specific database
US9621592B2 (en) | System and method for software defined deployment of security appliances using policy templates
US11048544B2 (en) | Cloud resource credential provisioning for services running in virtual machines and containers
US20180278602A1 (en) | Desktop application fulfillment platform with multiple authentication mechanisms
US11902329B2 (en) | Integration of an orchestration services with a cloud automation services
US8316125B2 (en) | Methods and systems for automated migration of cloud processes to external clouds
US11106492B2 (en) | Workflow service for a cloud foundry platform
US10552796B1 (en) | Approval service in a catalog service platform
US11068136B1 (en) | Application fulfillment platform with automated license management mechanisms
US11363117B2 (en) | Software-specific auto scaling
CN107967140B (zh) | Method for initiating a software modification, and method and apparatus for publishing metadata
US10356155B2 (en) | Service onboarding
US20140237373A1 (en) | Method of provisioning a cloud-based render farm
WO2015038241A1 (fr) | Methods, systems, and computer-readable media for updating elements in a converged infrastructure system
CN103595801B (zh) | Cloud computing system and real-time virtual machine monitoring method thereof
US20200136930A1 (en) | Application environment provisioning
US20140337750A1 (en) | Dynamically grouping monitored resources in a cloud environment to collections representing a composite application
CN111708550A (zh) | Application deployment method and apparatus, computer device and storage medium
Van't Hof et al. | Androne: Virtual drone computing in the cloud
US11119817B2 (en) | Breaking dependence of distributed service containers
KR101544487B1 (ko) | Virtual desktop service system for a client having multiple user accounts
CN114489954A (zh) | Tenant creation method, tenant access method and device based on a virtualization platform
CN110798504B (zh) | Method, apparatus, management device and storage medium for sharing services across regions
CN111447076B (zh) | Container deployment method and network element for a network function virtualization (nvf) system

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20210409

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: AGARIK SAS

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20221128

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230330